Trail of Bits Blog

Category Archives: Ecosystem Security

  • Adding build provenance to Homebrew (November 6, 2023)
  • Trusted publishing: a new benchmark for packaging security (May 23, 2023)
  • Getting 2FA Right in 2019 (June 20, 2019)
